Scribd
Upload
18 views

String Hacker Process

Uploaded by

Nguyễn Quân
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
18 views

String Hacker Process

Uploaded by

Nguyễn Quân
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 26

Process Hacker 2.39.

124
Windows NT 10.0 (64-bit)
11/11/2024 7:33:01 AM

0x2023c (128): ! #!%"'#)$+%-&/'1(3)5*7+9,;-=.?/A0E1I2M3Q4U5Y6]7a8e9i:m;q<u=y>}?


0x9dfe8 (24): ISTRY\MACHIN
0x9e3e4 (60): EGISTRY\USER\S-1-5-21-24507756
0x9ee06 (38): \REGISTRY\USER\S850
0x9ee60 (272): \REGISTRY\USER\S-1-5-21-245077564-3469246947-3992900880-1001\
Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectionsD31}
0x9f110 (58): C:\Windows\syswow64\ntdll.dll
0x19c230 (38): C:\Windows\SysWOW64
0x19c4b0 (62): C:\Windows\SYSTEM32\sechost.dll
0x19c87c (124): Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5
0x19cae4 (26): C:\Users\quan
0x19e038 (28): \AppData\Local
0x19e264 (32): C:\Users\Default
0x19e494 (60): C:\Users\Default\AppData\Local
0x19e798 (26): C:\Users\quan
0x19eab0 (54): C:\Users\quan\AppData\Local
0x1b0000 (62): C:\Windows\system32\apphelp.dll
0x1b03e0 (12): ApphelpDebug
0x1b043c (12): shimengstate
0x1b0498 (12): ShimDebugLog
0x1b0be8 (54): C:\Windows\SysWOW64\cmd.exe
0x1c0860 (54): =C:=C:\Users\quan\Downloads
0x1c0898 (60): ALLUSERSPROFILE=C:\ProgramData
0x1c08d6 (74): APPDATA=C:\Users\quan\AppData\Roaming
0x1c0922 (68): BuildLab=10240.th1_st1.170427-1347
0x1c0968 (102): BuildLabEx=10240.17394.amd64fre.th1_st1.170427-1347
0x1c09d0 (96): CommonProgramFiles=C:\Program Files\Common Files
0x1c0a32 (118): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
0x1c0aaa (96): CommonProgramW6432=C:\Program Files\Common Files
0x1c0b0c (56): COMPUTERNAME=DESKTOP-SH8VOCG
0x1c0b46 (70): ComSpec=C:\Windows\system32\cmd.exe
0x1c0b8e (24): HOMEDRIVE=C:
0x1c0ba8 (40): HOMEPATH=\Users\quan
0x1c0bd2 (80): LOCALAPPDATA=C:\Users\quan\AppData\Local
0x1c0c24 (58): LOGONSERVER=\\DESKTOP-SH8VOCG
0x1c0c60 (44): NUMBER_OF_PROCESSORS=2
0x1c0c8e (62): OneDrive=C:\Users\quan\OneDrive
0x1c0cce (26): OS=Windows_NT
0x1c0cea (268): Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\
Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Graphviz\bin
0x1c0df8 (122): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
0x1c0e74 (56): PROCESSOR_ARCHITECTURE=AMD64
0x1c0eae (144): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 140 Stepping 1,
GenuineIntel
0x1c0f40 (34): PROCESSOR_LEVEL=6
0x1c0f64 (46): PROCESSOR_REVISION=8c01
0x1c0f94 (52): ProgramData=C:\ProgramData
0x1c0fca (58): ProgramFiles=C:\Program Files
0x1c1006 (80): ProgramFiles(x86)=C:\Program Files (x86)
0x1c1058 (58): ProgramW6432=C:\Program Files
0x1c1094 (22): PROMPT=$P$G
0x1c10ac (128): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
0x1c112e (44): PUBLIC=C:\Users\Public
0x1c115c (28): SystemDrive=C:
0x1c117a (42): SystemRoot=C:\Windows
0x1c11a6 (74): TEMP=C:\Users\quan\AppData\Local\Temp
0x1c11f2 (72): TMP=C:\Users\quan\AppData\Local\Temp
0x1c123c (52): USERDOMAIN=DESKTOP-SH8VOCG
0x1c1272 (82): USERDOMAIN_ROAMINGPROFILE=DESKTOP-SH8VOCG
0x1c12c6 (26): USERNAME=quan
0x1c12e2 (50): USERPROFILE=C:\Users\quan
0x1c1316 (34): windir=C:\Windows
0x1c133a (48): __COMPAT_LAYER=Installer
0x1c1370 (48): __COMPAT_LAYER=Installer
0x1c17e0 (48): C:\Users\quan\Downloads\
0x1c19e8 (118): C:\Users\quan\AppData\Local\Temp\MicroMedia\MediaCenter.exe
0x1c1a60 (118): C:\Users\quan\AppData\Local\Temp\MicroMedia\MediaCenter.exe
0x1c1ad8 (118): C:\Users\quan\AppData\Local\Temp\MicroMedia\MediaCenter.exe
0x1c1b50 (30): WinSta0\Default
0x1c1b80 (58): C:\Windows\SYSTEM32\ntdll.dll
0x1c1bd0 (38): C:\Windows\system32
0x1c1c10 (100): C:\Windows\SYSTEM32\;C:\Windows\system;C:\Windows;
0x1c1fb0 (22): C:\Windows\
0x1c2220 (64): C:\Windows\system32\wow64cpu.dll
0x1c2420 (58): C:\Windows\system32\wow64.dll
0x1c2480 (60): \Windows\System32\rasadhlp.dll
0x1c24c0 (38): oft\Windows\History
0x1c2520 (40): ystem32\wow64cpu.dll
0x1c26a0 (66): \Sessions\1\Windows\ApiPortection
0x1c2700 (64): C:\Windows\system32\wow64win.dll
0x1c2890 (264): \REGISTRY\USER\S-1-5-21-245077564-3469246947-3992900880-1001\
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
0x1c299a (26): kdown_Zones\4
0x1c30a8 (168): \Registry\Machine\Software\Wow6432Node\Microsoft\Windows\Windows
Error Reporting\WMR
0x1c3152 (36): semblyStorageRoots
0x1c3190 (32): -3992900880-1001
0x21023c (128): ! #!%"'#)$+%-&/'1(3)5*7+9,;-=.?/A0E1I2M3Q4U5Y6]7a8e9i:m;q<u=y>}?
0x250a80 (22): iedownload:
0x250ab0 (20): iedownload
0x250cf0 (20): iecompatua
0x250d20 (22): iecompatua:
0x250d78 (32): ogramFiles=C:\Pr
0x250dd8 (66): %SystemRoot%\system32\napinsp.dll
0x250f18 (22): Hyper-V RAW
0x250ff0 (78): @%SystemRoot%\System32\winrnr.dll,-1000
0x2513d4 (48): C:\Users\quan\Downloads\
0x2515dc (118): C:\Users\quan\AppData\Local\Temp\MicroMedia\MediaCenter.exe
0x251654 (118): C:\Users\quan\AppData\Local\Temp\MicroMedia\MediaCenter.exe
0x2516cc (118): C:\Users\quan\AppData\Local\Temp\MicroMedia\MediaCenter.exe
0x251744 (30): WinSta0\Default
0x251766 (54): =C:=C:\Users\quan\Downloads
0x25179e (60): ALLUSERSPROFILE=C:\ProgramData
0x2517dc (74): APPDATA=C:\Users\quan\AppData\Roaming
0x251828 (68): BuildLab=10240.th1_st1.170427-1347
0x25186e (102): BuildLabEx=10240.17394.amd64fre.th1_st1.170427-1347
0x2518d6 (108): CommonProgramFiles=C:\Program Files (x86)\Common Files
0x251944 (118): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
0x2519bc (96): CommonProgramW6432=C:\Program Files\Common Files
0x251a1e (56): COMPUTERNAME=DESKTOP-SH8VOCG
0x251a58 (70): ComSpec=C:\Windows\system32\cmd.exe
0x251aa0 (24): HOMEDRIVE=C:
0x251aba (40): HOMEPATH=\Users\quan
0x251ae4 (80): LOCALAPPDATA=C:\Users\quan\AppData\Local
0x251b36 (58): LOGONSERVER=\\DESKTOP-SH8VOCG
0x251b72 (44): NUMBER_OF_PROCESSORS=2
0x251ba0 (62): OneDrive=C:\Users\quan\OneDrive
0x251be0 (26): OS=Windows_NT
0x251bfc (268): Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\
Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Graphviz\bin
0x251d0a (122): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
0x251d86 (52): PROCESSOR_ARCHITECTURE=x86
0x251dbc (56): PROCESSOR_ARCHITEW6432=AMD64
0x251df6 (144): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 140 Stepping 1,
GenuineIntel
0x251e88 (34): PROCESSOR_LEVEL=6
0x251eac (46): PROCESSOR_REVISION=8c01
0x251edc (52): ProgramData=C:\ProgramData
0x251f12 (70): ProgramFiles=C:\Program Files (x86)
0x251f5a (80): ProgramFiles(x86)=C:\Program Files (x86)
0x251fac (58): ProgramW6432=C:\Program Files
0x251fe8 (22): PROMPT=$P$G
0x252000 (128): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
0x252082 (44): PUBLIC=C:\Users\Public
0x2520b0 (28): SystemDrive=C:
0x2520ce (42): SystemRoot=C:\Windows
0x2520fa (74): TEMP=C:\Users\quan\AppData\Local\Temp
0x252146 (72): TMP=C:\Users\quan\AppData\Local\Temp
0x252190 (52): USERDOMAIN=DESKTOP-SH8VOCG
0x2521c6 (82): USERDOMAIN_ROAMINGPROFILE=DESKTOP-SH8VOCG
0x25221a (26): USERNAME=quan
0x252236 (50): USERPROFILE=C:\Users\quan
0x25226a (34): windir=C:\Windows
0x25228e (48): __COMPAT_LAYER=Installer
0x2522d0 (58): C:\Windows\SYSTEM32\ntdll.dll
0x252318 (38): C:\Windows\SYSTEM32
0x252350 (100): C:\Windows\SYSTEM32\;C:\Windows\system;C:\Windows;
0x252598 (48): C:\Users\quan\Downloads\
0x252908 (64): C:\Windows\SYSTEM32\KERNEL32.DLL
0x252a70 (62): C:\Windows\system32\apphelp.dll
0x252bd0 (68): C:\Windows\SYSTEM32\KERNELBASE.dll
0x252c30 (59): C:\Users\quan\AppData\Local\Temp\MicroMedia\MediaCenter.exe
0x253624 (12): ApphelpDebug
0x2536b0 (120): C:\Windows\Temp\AslLog_ApphelpDebug_MediaCenter.exe_4924.txt
0x254404 (12): shimengstate
0x25448e (122): %C:\Windows\Temp\AslLog_shimengstate_MediaCenter.exe_4924.txt
0x25484c (12): ShimDebugLog
0x2548d8 (120): C:\Windows\Temp\AslLog_ShimDebugLog_MediaCenter.exe_4924.txt
0x255d78 (1749): <?xml version="1.0" encoding="utf-8"?>
<MATCHED_ENTRIES>
</MATCHED_ENTRIES>
<SHIMENGSTATE PID="4924" FILENAME="C:\Users\quan\AppData\Local\Temp\MicroMedia\
MediaCenter.exe" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:schemas.microsoft.com/appcompat/2010/03/shimengstate
EngineState.xsd" xmlns="urn:schemas.microsoft.com/appcompat/2010/03/shimengstate">
<ENV NAME="__COMPAT_LAYER" VALUE="Installer"/>
<INEX MODE="EXCLUDE_SYSTEM32">
<INCLUDE MODULE="OLE32.dll"/>
<INCLUDE MODULE="OLEAUT32.dll"/>
<INCLUDE MODULE="MSVCRT.dll"/>
<INCLUDE MODULE="MSVCIRT.dll"/>
<INCLUDE MODULE="MSVCRT20.dll"/>
<INCLUDE MODULE="MSVCRT40.dll"/>
<INCLUDE MODULE="MFC40.dll"/>
<INCLUDE MODULE="MFC42.dll"/>
<INCLUDE MODULE="MFCSUBS.dll"/>
<INCLUDE MODULE="MFC42ENU.DLL"/>
<INCLUDE MODULE="MFCN42D.DLL"/>
<INCLUDE MODULE="MFCD42D.DLL"/>
<INCLUDE MODULE="MFCO42D.DLL"/>
<INCLUDE MODULE="MFC42D.DLL"/>
<INCLUDE MODULE="KERNEL32.DLL"/>
<EXCLUDE MODULE="BLACKBOX.DLL"/>
<EXCLUDE MODULE="FWCWSP.dll"/>
<EXCLUDE MODULE="FWCWSP64.dll"/>
</INEX>
<FIXES>
<SHIM NAME="SYSTEM">
</SHIM>
<SHIM NAME="Installer">
<HOOK MODULE="NTDLL.DLL" FUNCTION="NtCreateFile"/>
<HOOK MODULE="NTDLL.DLL" FUNCTION="NtSetInformationFile"/>
<HOOK MODULE="NTDLL.DLL" FUNCTION="NtSetValueKey"/>
<HOOK MODULE="ISRT.DLL" FUNCTION="_ShowWizardPages"/>
<HOOK MODULE="OLE32.DLL" FUNCTION="CoCreateInstance"/>
<HOOK MODULE="USER32.DLL" FUNCTION="SetWindowsHookExW"/>
<HOOK MODULE="USER32.DLL" FUNCTION="CallNextHookEx"/>
<INEX MODE="INCLUDE_ALL">
</INEX>
</SHIM>
</FIXES>
</SHIMENGSTATE>

0x256e48 (24): MFC42ENU.DLL


0x256e70 (24): OLEAUT32.dll
0x256e98 (20): MSVCRT.dll
0x256eb8 (22): MSVCIRT.dll
0x256ed8 (24): MSVCRT20.dll
0x256f00 (24): MSVCRT40.dll
0x256f68 (22): MFCSUBS.dll
0x256fd0 (22): MFCN42D.DLL
0x256ff0 (22): MFCD42D.DLL
0x257010 (22): MFCO42D.DLL
0x257030 (20): MFC42D.DLL
0x257050 (24): KERNEL32.DLL
0x257078 (24): BLACKBOX.DLL
0x2570c8 (20): FWCWSP.dll
0x2570e8 (24): FWCWSP64.dll
0x257110 (62): C:\Windows\system32\apphelp.dll
0x2574a0 (64): C:\Windows\System32\fwpuclnt.dll
0x2574f6 (22): (WS2_32.dll
0x2577e8 (20): sr-Latn-CS
0x2577fe (20): sr-Latn-RS
0x257876 (26): qps-Latn-x-sh
0x25a9e0 (20): lsasspirpc
0x25abc0 (22): DNSResolver
0x25acc0 (20): lsasspirpc
0x25b1a8 (60): C:\Windows\SYSTEM32\USER32.dll
0x25b1f0 (80): @%SystemRoot%\system32\pnrpnsp.dll,-1001
0x25b250 (84): @%SystemRoot%\system32\wshtcpip.dll,-60103
0x25b398 (30): DESKTOP-SH8VOCG
0x25b3d0 (58): C:\Windows\SYSTEM32\GDI32.dll
0x25b610 (38): NT AUTHORITY\SYSTEM
0x25b640 (30): DESKTOP-SH8VOCG
0x25b768 (62): C:\Windows\SYSTEM32\SHELL32.dll
0x25b8e8 (64): C:\Windows\SYSTEM32\OLEAUT32.dll
0x25b93e (24): %s\INetCache
0x25ba40 (60): C:\Windows\SYSTEM32\msvcrt.dll
0x25bc90 (78): C:\Windows\SYSTEM32\windows.storage.dll
0x25be28 (80): @%SystemRoot%\system32\napinsp.dll,-1000
0x25be8e (48): )ws\SYSTEM32\combase.dll
0x25bfa8 (62): C:\Windows\SYSTEM32\combase.dll
0x25c046 (36): 'a\MediaCenter.exe
0x25c210 (60): C:\Windows\SYSTEM32\RPCRT4.dll
0x25c2e8 (110): C:\Users\quan\AppData\Local\Microsoft\Windows\INetCache
0x25c440 (62): C:\Windows\SYSTEM32\SspiCli.dll
0x25c488 (64): C:\Windows\SYSTEM32\iertutil.dll
0x25c848 (66): C:\Windows\SYSTEM32\CRYPTBASE.dll
0x25c898 (80): @%SystemRoot%\system32\pnrpnsp.dll,-1000
0x25c8f8 (78): @%SystemRoot%\system32\nlasvc.dll,-1000
0x25ce00 (80): C:\Windows\SYSTEM32\bcryptPrimitives.dll
0x25ce60 (15): multipart/mixed
0x25ce70 (25): multipart/x-mixed-replace
0x25ce8a (22): multipart/x-byteranges
0x25cea2 (70): icrosoft\Windows\INetCache\counters
0x25cfa8 (62): C:\Windows\SYSTEM32\sechost.dll
0x25d318 (138): C:\Users\quan\AppData\Local\Microsoft\Internet Explorer\
EmieSiteList\
0x25d3c0 (138): C:\Users\quan\AppData\Local\Microsoft\Internet Explorer\
EmieUserList\
0x25d510 (142): C:\Users\quan\AppData\Local\Microsoft\Windows\INetCookies\
DNTException\
0x25d660 (158): /viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=0&id=15608187
0x25e058 (64): C:\Windows\SYSTEM32\advapi32.dll
0x25e170 (62): C:\Windows\SYSTEM32\shlwapi.dll
0x25e1b8 (62): C:\Windows\SYSTEM32\shlwapi.dll
0x25e368 (76): C:\Windows\SYSTEM32\kernel.appcore.dll
0x25e3e8 (58): Microsoft\Windows\INetCookies
0x25e430 (58): C:\Windows\SYSTEM32\IMM32.DLL
0x25e508 (55): Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
0x25e550 (62): C:\Windows\SYSTEM32\profapi.dll
0x25e628 (62): C:\Windows\system32\mswsock.dll
0x25e6b8 (54): C:\Users\quan\AppData\Local
0x25e700 (16): vpn.premrera.com
0x25e712 (40): s\SYSTEM32\ole32.dll
0x25e790 (60): C:\Windows\SYSTEM32\WS2_32.dll
0x25e7d8 (44): MicrosoftEdge_iecompat
0x25e820 (46): MicrosoftEdge_iecompat:
0x25e8b0 (55): Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
0x25e940 (62): C:\Windows\SYSTEM32\WININET.dll
0x25e988 (62): C:\Windows\SYSTEM32\winhttp.dll
0x25e9d0 (60): C:\Windows\SYSTEM32\WINNSI.DLL
0x25ea18 (60): C:\Windows\SYSTEM32\shcore.dll
0x25ea60 (58): C:\Windows\SYSTEM32\MSCTF.dll
0x25eaf0 (55): Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
0x25eb38 (16): vpn.premrera.com
0x25eb80 (16): vpn.premrera.com
0x25f120 (64): C:\Windows\SYSTEM32\powrprof.dll
0x25f228 (22): profapi.dll
0x25f680 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=15776015
0x25f740 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=15779906
0x25f828 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=15779906
0x260078 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=15653687
0x260138 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=15654531
0x260256 (118): %ommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
0x260a60 (118): \??\C:\Users\quan\AppData\Local\Microsoft\Windows\INetCache
0x260c60 (100): C:\Users\quan\AppData\Local\Microsoft\Feeds Cache\
0x260ce0 (90): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16122234
0x260f60 (118): C:\Users\quan\AppData\Local\Temp\MicroMedia\MediaCenter.exe
0x261160 (90): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=15970218
0x2615e0 (90): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16194187
0x2616e0 (90): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16231156
0x262c50 (54): Microsoft\Windows\INetCache
0x262e50 (54): C:\Windows\SYSTEM32\NSI.dll
0x2630d0 (50): Microsoft\Windows\History
0x2631d0 (52): NT AUTHORITY\LOCAL SERVICE
0x263210 (54): NT Authority\NetworkService
0x2643d0 (182): C:\Users\quan\AppData\Local\MicrosoftEdge\SharedCacheContainers\
MicrosoftEdge_DNTException\
0x264570 (182): C:\Users\quan\AppData\Local\Microsoft\Windows\History\History.IE5\
MSHist012024111120241112\
0x264b20 (178): C:\Users\quan\AppData\Local\MicrosoftEdge\SharedCacheContainers\
MicrosoftEdge_iecompatua\
0x264cc0 (180): C:\Users\quan\AppData\Local\MicrosoftEdge\SharedCacheContainers\
MicrosoftEdge_ieflipahead\
0x265758 (26): C:\Users\quan
0x2657d0 (30): MediaCenter.exe
0x265898 (26): Local AppData
0x265910 (26): AppData\Local
0x265fc0 (184): mrera.com:443/viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=0&id=16264968
0x266088 (32): vpn.premrera.com
0x2660b8 (158): /viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=0&id=16264968
0x2667ac (40): httpvpn.premrera.com
0x2667d6 (32): vpn.premrera.com
0x2667f8 (136): p?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=0&id=16085093
0x266890 (32): vpn.premrera.com
0x2668c0 (158): /viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=0&id=16085093
0x267148 (24): EmieModeList
0x2672d0 (40): vpn.premrera.com:443
0x267420 (24): DNTException
0x2674c8 (26): DNTException:
0x267500 (26): EmieModeList:
0x267538 (24): EmieUserList
0x267570 (26): EmieUserList:
0x267618 (24): EmieSiteList
0x2676c0 (46): LRPC-1eb729b7f3d183e06b
0x267730 (26): EmieSiteList:
0x267848 (46): LRPC-1eb729b7f3d183e06b
0x267880 (40): ProgramData=C:\Progr
0x2678e8 (66): %SystemRoot%\system32\pnrpnsp.dll
0x267a34 (22): Hyper-V RAW
0x267b00 (94): C:\Windows\SYSTEM32\ondemandconnroutehelper.dll
0x267b68 (52): MicrosoftEdge_DNTException
0x267bb8 (64): C:\Windows\SYSTEM32\IPHLPAPI.DLL
0x267c70 (54): =C:=C:\Users\quan\Downloads
0x267ca8 (60): ALLUSERSPROFILE=C:\ProgramData
0x267ce6 (74): APPDATA=C:\Users\quan\AppData\Roaming
0x267d32 (68): BuildLab=10240.th1_st1.170427-1347
0x267d78 (102): BuildLabEx=10240.17394.amd64fre.th1_st1.170427-1347
0x267de0 (108): CommonProgramFiles=C:\Program Files (x86)\Common Files
0x267e4e (118): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
0x267ec6 (96): CommonProgramW6432=C:\Program Files\Common Files
0x267f28 (56): COMPUTERNAME=DESKTOP-SH8VOCG
0x267f62 (70): ComSpec=C:\Windows\system32\cmd.exe
0x267faa (96): FPS_BROWSER_APP_PROFILE_STRING=Internet Explorer
0x26800c (78): FPS_BROWSER_USER_PROFILE_STRING=Default
0x26805c (24): HOMEDRIVE=C:
0x268076 (40): HOMEPATH=\Users\quan
0x2680a0 (80): LOCALAPPDATA=C:\Users\quan\AppData\Local
0x2680f2 (58): LOGONSERVER=\\DESKTOP-SH8VOCG
0x26812e (44): NUMBER_OF_PROCESSORS=2
0x26815c (62): OneDrive=C:\Users\quan\OneDrive
0x26819c (26): OS=Windows_NT
0x2681b8 (268): Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\
Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Graphviz\bin
0x2682c6 (122): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
0x268342 (52): PROCESSOR_ARCHITECTURE=x86
0x268378 (56): PROCESSOR_ARCHITEW6432=AMD64
0x2683b2 (144): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 140 Stepping 1,
GenuineIntel
0x268444 (34): PROCESSOR_LEVEL=6
0x268468 (46): PROCESSOR_REVISION=8c01
0x268498 (52): ProgramData=C:\ProgramData
0x2684ce (70): ProgramFiles=C:\Program Files (x86)
0x268516 (80): ProgramFiles(x86)=C:\Program Files (x86)
0x268568 (58): ProgramW6432=C:\Program Files
0x2685a4 (22): PROMPT=$P$G
0x2685bc (128): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
0x26863e (44): PUBLIC=C:\Users\Public
0x26866c (28): SystemDrive=C:
0x26868a (42): SystemRoot=C:\Windows
0x2686b6 (74): TEMP=C:\Users\quan\AppData\Local\Temp
0x268702 (72): TMP=C:\Users\quan\AppData\Local\Temp
0x26874c (52): USERDOMAIN=DESKTOP-SH8VOCG
0x268782 (82): USERDOMAIN_ROAMINGPROFILE=DESKTOP-SH8VOCG
0x2687d6 (26): USERNAME=quan
0x2687f2 (50): USERPROFILE=C:\Users\quan
0x268826 (34): windir=C:\Windows
0x26884a (48): __COMPAT_LAYER=Installer
0x26888a (102): @Software\Policies\Microsoft\Internet Explorer\Main
0x268a96 (102): %Software\Policies\Microsoft\Internet Explorer\Main
0x269d30 (138): ?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=15612718
0x269dc9 (11): l
t://vpn.p
0x269ec8 (32): vpn.premrera.com
0x269ef8 (138): ?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=15743093
0x26a029 (11): l
t://vpn.p
0x26a0c1 (11): l
t://vpn.p
0x26a158 (138): ?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=15850843
0x26a1f0 (138): ?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=16050187
0x26a288 (120): C:\Users\quan\AppData\Local\Microsoft\Windows\IECompatCache\
0x26a320 (138): ?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=15816671
0x26a3b8 (138): ?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=16126562
0x26a450 (138): ?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=15971093
0x26a4e8 (138): ?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=15779906
0x26a580 (138): ?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=16015250
0x26a618 (138): ?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=16087906
0x26a6b0 (138): ?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=16196140
0x26a748 (138): ?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=15691609
0x26a7e4 (106): C:\Users\quan\AppData\Local\Microsoft\Windows\History
0x26a850 (22): History.IE5
0x26a878 (124): C:\Users\quan\AppData\Local\Microsoft\Windows\IECompatUaCache\
0x26a910 (138): ?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=15654531
0x26a9a8 (138): ?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=15928734
0x26aa40 (138): ?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=15886468
0x26aad8 (138): ?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=16160359
0x26ab70 (138): ?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=16232031
0x26ac70 (32): vpn.premrera.com
0x26ad98 (82): @%SystemRoot%\System32\mswsock.dll,-60100
0x26af9a (68): )%SystemRoot%\system32\mswsock.dll
0x26b238 (82): @%SystemRoot%\System32\mswsock.dll,-60101
0x26b43a (68): )%SystemRoot%\system32\mswsock.dll
0x26b6d8 (82): @%SystemRoot%\System32\mswsock.dll,-60102
0x26b8da (68): )%SystemRoot%\system32\mswsock.dll
0x26bb78 (82): @%SystemRoot%\System32\mswsock.dll,-60200
0x26bd7a (68): )%SystemRoot%\system32\mswsock.dll
0x26c018 (82): @%SystemRoot%\System32\mswsock.dll,-60201
0x26c21a (68): )%SystemRoot%\system32\mswsock.dll
0x26c4b8 (82): @%SystemRoot%\System32\mswsock.dll,-60202
0x26c6ba (68): )%SystemRoot%\system32\mswsock.dll
0x26c958 (76): @%SystemRoot%\System32\wshqos.dll,-100
0x26cb5a (68): 8%SystemRoot%\system32\mswsock.dll
0x26cdf8 (76): @%SystemRoot%\System32\wshqos.dll,-101
0x26cffa (68): @%SystemRoot%\system32\mswsock.dll
0x26d298 (76): @%SystemRoot%\System32\wshqos.dll,-102
0x26d49a (68): H%SystemRoot%\system32\mswsock.dll
0x26d738 (76): @%SystemRoot%\System32\wshqos.dll,-103
0x26d93a (68): (%SystemRoot%\system32\mswsock.dll
0x26dbd8 (22): Hyper-V RAW
0x26ddda (68): P%SystemRoot%\system32\mswsock.dll
0x26e028 (66): %SystemRoot%\system32\pnrpnsp.dll
0x26e278 (64): %SystemRoot%\system32\NLAapi.dll
0x26e4c8 (66): %SystemRoot%\System32\mswsock.dll
0x26e718 (64): %SystemRoot%\System32\winrnr.dll
0x272140 (102): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg
0x273140 (16): qqqqqqqqqqqqqqqq
0x273468 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15724125
0x273548 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15686390
0x273708 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15724125
0x273ee8 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15811796
0x274268 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15775000
0x274348 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15645656
0x274428 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15645656
0x2745e8 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15686390
0x274f88 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15775000
0x275970 (22): DNSResolver
0x275990 (16): qqqqqqqqqqqqqqqq
0x2759d0 (10): 400 Badj9
0x275a28 (16): text/html
Conte
0x275a58 (15): 173.254.226.212
0x275aa0 (12): /viewpre.asp
0x275ae8 (15): 212.622.452.371
0x275b30 (12): /viewpre.asp
0x275bf0 (15): 173.254.226.212
0x275c38 (15): 173.254.226.212
0x275e98 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=15612718
0x275f80 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=15612718
0x276150 (56): C:\Users\quan\AppData\Local\
0x27618a (70): pt3146-768314168-1967572049&tom=0&i
0x2761d8 (116): C:\Users\quan\AppData\Local\Microsoft\Windows\INetCache\IE
0x276260 (114): C:\Users\quan\AppData\Local\Microsoft\Windows\INetCookies
0x2762e8 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=15776015
0x2763f8 (112): \quan\AppData\Local\Microsoft\Windows\INetCache\Content.
0x276470 (118): C:\Users\quan\AppData\Local\Microsoft\Windows\INetCache\IE\
0x276508 (106): sers\quan\AppData\Local\Microsoft\Windows\INetCookies
0x276590 (98): \quan\AppData\Local\Microsoft\Windows\INetCookies
0x276608 (116): C:\Users\quan\AppData\Local\Microsoft\Windows\INetCookies\
0x276690 (106): C:\Users\quan\AppData\Local\Microsoft\Windows\History
0x27671a (88): quan\AppData\Local\Microsoft\Windows\History
0x2767a0 (74): pData\Local\Microsoft\Windows\History
0x276818 (132): C:\Users\quan\AppData\Local\Microsoft\Windows\History\History.IE5\
0x276f90 (118): C:\Users\quan\AppData\Local\Microsoft\Windows\INetCache\IE\
0x2770c0 (152): C:\Users\quan\AppData\Local\Microsoft\Internet Explorer\
EmieBrowserModeList\
0x277178 (128): C:\Users\quan\AppData\Local\Microsoft\Windows\IEDownloadHistory\
0x277218 (174): C:\Users\quan\AppData\Local\MicrosoftEdge\SharedCacheContainers\
MicrosoftEdge_iecompat\
0x2772e0 (48): MicrosoftEdge_iecompatua
0x277330 (50): MicrosoftEdge_iecompatua:
0x2774d0 (186): webcache_{031b98cf-4a69-4c31-ab42-fd9b3c199407}_S-1-5-21-245077564-
3469246947-3992900880-1001
0x2776c0 (186): webcache_{031b98cf-4a69-4c31-ab42-fd9b3c199407}_S-1-5-21-245077564-
3469246947-3992900880-1001
0x27777c (24): 2900880-1001
0x2777a0 (32): \RPC Control\web
0x277918 (186): webcache_{031b98cf-4a69-4c31-ab42-fd9b3c199407}_S-1-5-21-245077564-
3469246947-3992900880-1001
0x277d50 (79): /viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=0&id=16316703
0x278290 (28): cache_{7329ea8
0x278364 (48): ol\webcache_{7329ea82-08
0x278408 (54): MicrosoftEdge_DNTException:
0x2785d8 (186): webcache_{031b98cf-4a69-4c31-ab42-fd9b3c199407}_S-1-5-21-245077564-
3469246947-3992900880-1001
0x278b28 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15811796
0x278c08 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15608187
0x278f88 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15608187
0x279704 (20): cal\window
0x279738 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15608187
0x2798a4 (24): DNTException
0x2798cc (26): DNTException:
0x2798f4 (142): C:\Users\quan\AppData\Local\Microsoft\Windows\INetCookies\
DNTException\
0x279990 (24): EmieModeList
0x2799b8 (26): EmieModeList:
0x2799e0 (152): C:\Users\quan\AppData\Local\Microsoft\Internet Explorer\
EmieBrowserModeList\
0x279a88 (24): EmieSiteList
0x279ab0 (26): EmieSiteList:
0x279ad8 (138): C:\Users\quan\AppData\Local\Microsoft\Internet Explorer\
EmieSiteList\
0x279b70 (24): EmieUserList
0x279b98 (26): EmieUserList:
0x279bc0 (138): C:\Users\quan\AppData\Local\Microsoft\Internet Explorer\
EmieUserList\
0x279c98 (100): C:\Users\quan\AppData\Local\Microsoft\Feeds Cache\
0x279d4c (120): C:\Users\quan\AppData\Local\Microsoft\Windows\IECompatCache\
0x279dd4 (20): iecompatua
0x279df8 (22): iecompatua:
0x279e1c (124): C:\Users\quan\AppData\Local\Microsoft\Windows\IECompatUaCache\
0x279ea8 (20): iedownload
0x279ecc (22): iedownload:
0x279ef0 (128): C:\Users\quan\AppData\Local\Microsoft\Windows\IEDownloadHistory\
0x279f80 (52): MicrosoftEdge_DNTException
0x279fc4 (54): MicrosoftEdge_DNTException:
0x27a008 (182): C:\Users\quan\AppData\Local\MicrosoftEdge\SharedCacheContainers\
MicrosoftEdge_DNTException\
0x27a0cc (44): MicrosoftEdge_iecompat
0x27a108 (46): MicrosoftEdge_iecompat:
0x27a144 (174): C:\Users\quan\AppData\Local\MicrosoftEdge\SharedCacheContainers\
MicrosoftEdge_iecompat\
0x27a200 (48): MicrosoftEdge_iecompatua
0x27a240 (50): MicrosoftEdge_iecompatua:
0x27a280 (178): C:\Users\quan\AppData\Local\MicrosoftEdge\SharedCacheContainers\
MicrosoftEdge_iecompatua\
0x27a340 (50): MicrosoftEdge_ieflipahead
0x27a380 (52): MicrosoftEdge_ieflipahead:
0x27a3c4 (180): C:\Users\quan\AppData\Local\MicrosoftEdge\SharedCacheContainers\
MicrosoftEdge_ieflipahead\
0x27a488 (48): MSHist012024111120241112
0x27a4c8 (38): :2024111120241112:
0x27a4fc (182): C:\Users\quan\AppData\Local\Microsoft\Windows\History\History.IE5\
MSHist012024111120241112\
0x27a7d6 (13): moc.tfosorcim
0x27a7e4 (13): microsoft.com
0x27a800 (50): MicrosoftEdge_ieflipahead
0x27a850 (52): MicrosoftEdge_ieflipahead:
0x27a8a0 (70): Security=Impersonation Dynamic True
0x27a8f0 (70): Security=Impersonation Dynamic True
0x27a990 (48): MSHist012024111120241112
0x27ab20 (70): Security=Impersonation Dynamic True
0x27acb0 (64): C:\Windows\System32\fwpuclnt.dll
0x27ad50 (70): Security=Impersonation Dynamic True
0x27ae40 (64): C:\Windows\System32\rasadhlp.dll
0x27ae90 (70): Security=Impersonation Dynamic True
0x27b1e0 (48): \RPC Control\DNSResolver
0x27b5a0 (51): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg
0x27bc20 (38): :2024111120241112:
0x27bea0 (52): netprofm,netman,dcomlaunch
0x27bf28 (62): OLE7858D7225EA54D1404C54053EFF4
0x27bfb8 (60): C:\Windows\SYSTEM32\urlmon.dll
0x27c048 (60): C:\Windows\SYSTEM32\bcrypt.dll
0x27c090 (55): Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
0x27c120 (62): OLE7858D7225EA54D1404C54053EFF4
0x27c21e (10): moc.evil.g
0x27c229 (10): g.live.com
0x27c3a8 (62): OLE7858D7225EA54D1404C54053EFF4
0x27c3f0 (62): C:\Windows\system32\jsproxy.dll
0x27c480 (62): OLE7858D7225EA54D1404C54053EFF4
0x27c4c8 (62): OLE7858D7225EA54D1404C54053EFF4
0x27c510 (60): C:\Windows\SYSTEM32\DNSAPI.dll
0x27c558 (62): OLE7858D7225EA54D1404C54053EFF4
0x27c828 (16): vpn.premrera.com
0x27c839 (38): atible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
0x27c870 (62): C:\Windows\system32\jsproxy.dll
0x27c900 (16): vpn.premrera.com
0x27c911 (46): eibpt3146-768314168-1967572049.jpg?id=15970218
0x27c948 (15): 173.254.226.212
0x27c958 (47): ueibpt3146-768314168-1967572049.jpg?id=16231156
0x27ca20 (15): 173.254.226.212
0x27ca30 (39): patible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
0x27ca68 (16): vpn.premrera.com
0x27ca7a (44): s\system32\jsproxy.dll
0x27cab0 (15): 173.254.226.212
0x27cac2 (44): s\system32\jsproxy.dll
0x27caf8 (55): Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
0x27cb40 (15): 173.254.226.212
0x27cb51 (38): atible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
0x27cb88 (55): Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
0x27cbd0 (55): Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
0x27cc18 (15): 173.254.226.212
0x27cc28 (39): patible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
0x27cc60 (15): 173.254.226.212
0x27cc71 (38): atible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
0x27cca8 (16): vpn.premrera.com
0x27ccb9 (38): atible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
0x27ccf0 (55): Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
0x27cd38 (55): Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
0x27cd80 (16): vpn.premrera.com
0x27cd91 (38): atible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
0x27cdc8 (55): Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
0x27ce10 (62): C:\Windows\system32\jsproxy.dll
0x27ce58 (55): Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
0x27cea0 (16): vpn.premrera.com
0x27ceb1 (38): atible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
0x27cf60 (38): C:\Windows\rescache
0x27cfc0 (32): vpn.premrera.com
0x27cff0 (32): vpn.premrera.com
0x27d020 (32): vpn.premrera.com
0x27d050 (32): vpn.premrera.com
0x27d080 (32): vpn.premrera.com
0x27d0b0 (32): vpn.premrera.com
0x27d0e0 (32): vpn.premrera.com
0x27d110 (32): vpn.premrera.com
0x27d4a0 (32): vpn.premrera.com
0x27d560 (32): vpn.premrera.com
0x27d590 (32): vpn.premrera.com
0x27d620 (32): vpn.premrera.com
0x27d650 (32): vpn.premrera.com
0x27d680 (32): vpn.premrera.com
0x27d6b0 (38): 173.254.226.212:443
0x27d858 (186): webcache_{031b98cf-4a69-4c31-ab42-fd9b3c199407}_S-1-5-21-245077564-
3469246947-3992900880-1001
0x27dfb6 (22): moc.tfosorcim.enilnoei
0x27dfcd (22): ieonline.microsoft.com
0x27dff0 (102): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg
0x27e0a0 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=15654531
0x27e188 (102): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg
0x27e920 (16): qqqqqqqqqqqqqqqq
0x27f078 (73): .asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=15971093
0x27f8e0 (158): /viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=0&id=16230250
0x27fb80 (152): Software\Microsoft\Windows\CurrentVersion\Internet Settings\
Lockdown_Zones\3
0x27fc28 (158): /viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=0&id=16316703
0x27fec8 (152): Software\Microsoft\Windows\CurrentVersion\Internet Settings\
Lockdown_Zones\1
0x27ff70 (152): Software\Microsoft\Windows\CurrentVersion\Internet Settings\
Lockdown_Zones\4
0x2800c0 (158): /viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=0&id=16230250
0x280210 (152): Software\Microsoft\Windows\CurrentVersion\Internet Settings\
Lockdown_Zones\2
0x2802b8 (152): Software\Microsoft\Windows\CurrentVersion\Internet Settings\
Lockdown_Zones\0
0x280750 (158): /viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=0&id=16316703
0x280be8 (158): /viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=0&id=16230250
0x280c90 (158): /viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=0&id=16316703
0x2819de (452): (C:\Users\quan\AppData\Local\Temp\MicroMedia;C:\Windows\
SYSTEM32\;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\
System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\
Graphviz\bin
0x281bd8 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=15970218
0x281c98 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=15970218
0x281d58 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=15849921
0x281e18 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=15849921
0x281ed8 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=15885000
0x281f98 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16014343
0x282058 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=15927843
0x282118 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=15885000
0x2821d8 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=15927843
0x282298 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16014343
0x2823e0 (108): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16087906
0x282458 (108): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16196140
0x2824d0 (105): http://173.254.226.212:443/viewpre.asp?cstring=qrfxgbctfueibpt3146-
768314168-1967572049&tom=0&id=16316703
0x282548 (108): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16087906
0x2825c0 (106): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16264968
0x282638 (105): http://173.254.226.212:443/viewpre.asp?cstring=qrfxgbctfueibpt3146-
768314168-1967572049&tom=0&id=16316703
0x2826b0 (106): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16192265
0x282728 (105): http://173.254.226.212:443/viewpre.asp?cstring=qrfxgbctfueibpt3146-
768314168-1967572049&tom=0&id=16316703
0x2827a0 (108): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16196140
0x282818 (108): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16232031
0x2828cc (32): vpn.premrera.com
0x282908 (108): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16232031
0x2829bc (32): vpn.premrera.com
0x282a34 (32): vpn.premrera.com
0x282a70 (106): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16264968
0x282ae8 (105): http://173.254.226.212:443/viewpre.asp?cstring=qrfxgbctfueibpt3146-
768314168-1967572049&tom=0&id=16316703
0x282b5e (90): *wpre.asp?cstring=qrfxgbctfueibpt3146-7683141
0x282f90 (16): qqqqqqqqqqqqqqqq
0x283048 (134): Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
0x283250 (24): /viewpre.asp
0x283278 (24): ?id=15812750
0x2832c8 (24): /viewpre.asp
0x2832f0 (24): /viewpre.asp
0x283318 (24): /viewpre.asp
0x283340 (24): /viewpre.asp
0x283368 (24): ?id=15849921
0x2833b8 (24): ?id=15690781
0x2833e0 (24): /viewpre.asp
0x283430 (30): DESKTOP-SH8VOCG
0x283458 (24): /viewpre.asp
0x2834d0 (24): ?id=15653687
0x2834f8 (24): /viewpre.asp
0x283520 (24): /viewpre.asp
0x283548 (24): /viewpre.asp
0x283570 (24): /viewpre.asp
0x283598 (24): /viewpre.asp
0x2835c0 (24): ?id=15776015
0x283614 (24): premrera.com
0x283638 (24): premrera.com
0x283660 (30): DESKTOP-SH8VOCG
0x283688 (24): ?id=15725859
0x2836b0 (24): ?id=15611843
0x2836d8 (24): /viewpre.asp
0x283728 (24): dummy://url/
0x2837f0 (24): /viewpre.asp
0x283840 (30): mediacenter.exe
0x2838e0 (24): /viewpre.asp
0x284568 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=15690781
0x284628 (102): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg
0x284bd0 (16): qqqqqqqqqqqqqqqq
0x285000 (32): vpn.premrera.com
0x285022 (92): eibpt3146-768314168-1967572049.jpg?id=16122234
0x285198 (116): C:\Users\quan\AppData\Local\Microsoft\Windows\INetCookies\
0x2852a8 (32): vpn.premrera.com
0x2852ca (92): eibpt3146-768314168-1967572049.jpg?id=16159468
0x2853b8 (32): vpn.premrera.com
0x285550 (32): vpn.premrera.com
0x285572 (92): eibpt3146-768314168-1967572049.jpg?id=16194187
0x2856e8 (30): 173.254.226.212
0x2857f8 (32): vpn.premrera.com
0x28581a (92): eibpt3146-768314168-1967572049.jpg?id=16194187
0x285a18 (30): 173.254.226.212
0x285aa0 (126): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg?id=16231156
0x285bb0 (126): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg?id=16231156
0x285cc0 (32): vpn.premrera.com
0x285ce2 (92): eibpt3146-768314168-1967572049.jpg?id=16159468
0x285d48 (30): 173.254.226.212
0x285d68 (94): ueibpt3146-768314168-1967572049.jpg?id=16231156
0x285e58 (126): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg?id=16159468
0x2861e8 (134): Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
0x286278 (134): Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
0x286318 (90): era.com:443/viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=0&id=15608187
0x286928 (22): about:blank
0x286988 (22): dummy://url
0x286b48 (22): about:blank
0x286ff0 (48): http://vpn.premrera.com/
0x287060 (28): n.premrera.com
0x28707e (32): vpn.premrera.com
0x2870a0 (12): che-Control:
0x287140 (102): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg
0x2871b0 (102): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg
0x287220 (24): http://vpn.premrera.com/
0x287300 (102): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg
0x287370 (23): http://173.254.226.212/
0x2873e0 (102): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg
0x287450 (102): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg
0x287530 (102): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg
0x287760 (102): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg
0x287cc0 (102): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg
0x287d3e (36): (m=255&id=15743093
0x287d70 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=15743093
0x287e58 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=15743093
0x287f40 (102): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg
0x2883d8 (16): qqqqqqqqqqqqqqqq
0x288da0 (16): qqqqqqqqqqqqqqqq
0x289148 (134): Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
0x289200 (162): /viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=16232031
0x289620 (162): /viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=16232031
0x2898e0 (162): /viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=16160359
0x289d00 (162): /viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=16196140
0x28a2a8 (40): vpn.premrera.com:443
0x28a2e0 (40): vpn.premrera.com:443
0x28a318 (40): vpn.premrera.com:443
0x28a350 (40): vpn.premrera.com:443
0x28a388 (46): LRPC-1eb729b7f3d183e06b
0x28a3c0 (40): vpn.premrera.com:443
0x28a3f8 (46): LRPC-1eb729b7f3d183e06b
0x28a430 (46): LRPC-1eb729b7f3d183e06b
0x28a468 (40): vpn.premrera.com:443
0x28a510 (46): LRPC-1eb729b7f3d183e06b
0x28a548 (46): LRPC-1eb729b7f3d183e06b
0x28a5b8 (46): LRPC-1eb729b7f3d183e06b
0x28a5f0 (46): LRPC-1eb729b7f3d183e06b
0x28a628 (40): vpn.premrera.com:443
0x28a664 (32): vpn.premrera.com
0x28a708 (46): LRPC-1eb729b7f3d183e06b
0x28a778 (40): vpn.premrera.com:443
0x28a7b0 (40): vpn.premrera.com:443
0x28a7e8 (40): vpn.premrera.com:443
0x28a820 (40): vpn.premrera.com:443
0x28a8c8 (46): LRPC-1eb729b7f3d183e06b
0x28a900 (46): LRPC-1eb729b7f3d183e06b
0x28a938 (46): LRPC-1eb729b7f3d183e06b
0x28a970 (40): vpn.premrera.com:443
0x28a9a8 (40): vpn.premrera.com:443
0x28a9e0 (40): vpn.premrera.com:443
0x28c3f8 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=15850843
0x28c4e0 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=15850843
0x28d228 (50): RSVP UDP Service Provider
0x28d638 (54): RSVP TCPv6 Service Provider
0x28d840 (50): RSVP TCP Service Provider
0x28da48 (54): RSVP UDPv6 Service Provider
0x28dc50 (22): Hyper-V RAW
0x28e048 (136): Software\Microsoft\Windows\CurrentVersion\Internet Settings\
ZoneMap\
0x28e268 (136): Software\Microsoft\Windows\CurrentVersion\Internet Settings\
ZoneMap\
0x28e8e0 (134): Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
0x28e970 (134): ?cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16192265
0x28ea90 (134): ?cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15775000
0x28eb20 (134): ?cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15968265
0x28ebb0 (134): ?cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15925406
0x28ec40 (134): ?cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15882765
0x28ecd0 (134): ?cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15724125
0x28ed60 (134): ?cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16006015
0x28edf0 (134): ?cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15608187
0x28ee80 (134): ?cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16085093
0x28ef10 (134): ?cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15645656
0x28efa0 (134): ?cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16120359
0x28f030 (134): ?cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16158453
0x28f0c0 (134): ?cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15686390
0x28f150 (134): ?cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16316703
0x28f1e0 (134): ?cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16264968
0x28f270 (134): ?cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15848546
0x28f300 (105): http://173.254.226.212:443/viewpre.asp?cstring=qrfxgbctfueibpt3146-
768314168-1967572049&tom=0&id=16316703
0x28f540 (134): ?cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15811796
0x28f5d0 (134): ?cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16230250
0x28f660 (106): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16264968
0x28f780 (134): ?cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16047156
0x28f998 (186): webcache_{031b98cf-4a69-4c31-ab42-fd9b3c199407}_S-1-5-21-245077564-
3469246947-3992900880-1001
0x28fa60 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=15653687
0x28fb20 (102): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg
0x28fd54 (22): knownfolder
0x28ff90 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16232031
0x2900e8 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16015250
0x291108 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=15691609
0x2911f0 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=15725859
0x2912b0 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=15725859
0x291378 (42): 146-768314168-1967572049&tom=0&id=15724125
0x2917a8 (102): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg
0x291860 (18): trol: no-cache

0x291c90 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-


1967572049.jpg?id=15812750
0x291d50 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=15812750
0x291e10 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=15816671
0x291ef8 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=15816671
0x291fe0 (102): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg
0x292242 (26): 32\rasadhlp.d
0x292288 (246): C:\Windows\WinSxS\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.10240.17184_none_3bcab1476bcee5ec\Comctl32.dll
0x2924c0 (102): /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg
0x292580 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=15611843
0x292640 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=15690781
0x2927b8 (44): 146-768314168-1967572049&tom=255&id=16050187
0x292940 (222): C:\Windows\WinSxS\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.10240.17184_none_3bcab1476bcee5ec\
0x292e20 (90): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16231156
0x292ef0 (90): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16194187
0x292f58 (90): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16231156
0x293090 (90): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16231156
0x293160 (90): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16194187
0x293230 (90): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16231156
0x293300 (90): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16231156
0x293368 (90): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16231156
0x293508 (46): http://173.254.226.212/
0x293538 (42): t3146-768314168-1967572049.jpg?id=16087046
0x293570 (90): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16194187
0x293694 (20): vpn.premre
0x2936b8 (30): pn.premrera.com
0x293c20 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=15611843
0x293ce0 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=15691609
0x293ff4 (40): MSAFD Tcpip [TCP/IP]
0x29401e (40): 2\mswsock.dll,-60100
0x294268 (40): MSAFD Tcpip [UDP/IP]
0x294292 (40): 2\mswsock.dll,-60101
0x2944dc (40): MSAFD Tcpip [RAW/IP]
0x294506 (40): 2\mswsock.dll,-60102
0x294750 (44): MSAFD Tcpip [TCP/IPv6]
0x29477e (36): mswsock.dll,-60200
0x2949c4 (44): MSAFD Tcpip [UDP/IPv6]
0x2949f2 (36): mswsock.dll,-60201
0x294c38 (44): MSAFD Tcpip [RAW/IPv6]
0x294c66 (36): mswsock.dll,-60202
0x294eac (54): RSVP TCPv6 Service Provider
0x294ee4 (20): s.dll,-100
0x295120 (50): RSVP TCP Service Provider
0x295154 (24): qos.dll,-101
0x295394 (54): RSVP UDPv6 Service Provider
0x2953cc (20): s.dll,-102
0x295608 (50): RSVP UDP Service Provider
0x29563c (24): qos.dll,-103
0x29587c (22): Hyper-V RAW
0x295a88 (40): MSAFD Tcpip [TCP/IP]
0x295c90 (40): MSAFD Tcpip [UDP/IP]
0x295e98 (40): MSAFD Tcpip [RAW/IP]
0x2960a0 (44): MSAFD Tcpip [TCP/IPv6]
0x2962a8 (44): MSAFD Tcpip [UDP/IPv6]
0x2964b0 (44): MSAFD Tcpip [RAW/IPv6]
0x2979e0 (24): 400 Bad Request
Server
0x297b10 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16120359
0x297e90 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16085093
0x298050 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16047156
0x2983d0 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16047156
0x298ad0 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16120359
0x298c90 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16006015
0x298e50 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16006015
0x2990f0 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16085093
0x299630 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16158453
0x2999f0 (16): HTTP/1.1 400 Bad
0x299a38 (32): vpn.premrera.com
0x299a68 (32): vpn.premrera.com
0x299a98 (32): vpn.premrera.com
0x299ac8 (32): vpn.premrera.com
0x299af8 (32): vpn.premrera.com
0x299b28 (32): vpn.premrera.com
0x299b58 (32): vpn.premrera.com
0x299b88 (32): vpn.premrera.com
0x299bb8 (32): vpn.premrera.com
0x299be8 (32): vpn.premrera.com
0x299c18 (32): vpn.premrera.com
0x299c48 (32): vpn.premrera.com
0x299c78 (32): vpn.premrera.com
0x299ca8 (32): vpn.premrera.com
0x299cd8 (32): vpn.premrera.com
0x299d08 (32): vpn.premrera.com
0x299d38 (32): vpn.premrera.com
0x299d68 (32): vpn.premrera.com
0x299d98 (32): vpn.premrera.com
0x299dc8 (32): vpn.premrera.com
0x299df8 (32): vpn.premrera.com
0x299e28 (32): vpn.premrera.com
0x299e58 (32): vpn.premrera.com
0x299e88 (32): vpn.premrera.com
0x299eb8 (32): vpn.premrera.com
0x299ee8 (32): vpn.premrera.com
0x299f18 (32): vpn.premrera.com
0x299f48 (32): vpn.premrera.com
0x299f78 (32): vpn.premrera.com
0x299fa8 (32): vpn.premrera.com
0x299fd8 (32): vpn.premrera.com
0x29a008 (32): vpn.premrera.com
0x29a038 (32): vpn.premrera.com
0x29a068 (32): vpn.premrera.com
0x29a098 (32): vpn.premrera.com
0x29a0c8 (32): vpn.premrera.com
0x29a0f8 (32): vpn.premrera.com
0x29a128 (32): vpn.premrera.com
0x29a158 (32): vpn.premrera.com
0x29a188 (32): vpn.premrera.com
0x29a1b8 (32): vpn.premrera.com
0x29a268 (24): /viewpre.asp
0x29a290 (24): /viewpre.asp
0x29a2b8 (24): /viewpre.asp
0x29a2e0 (24): ?id=16194187
0x29a308 (24): /viewpre.asp
0x29a330 (24): /viewpre.asp
0x29a380 (30): 173.254.226.212
0x29a3a8 (30): 173.254.226.212
0x29a3d0 (30): 173.254.226.212
0x29a428 (25): 400 Bad Request
Server'
0x29a448 (33): sty
Date: Mon, 11 Nov 2024 14:1"
0x29a498 (24): premrera.com
0x29a4c0 (30): 173.254.226.212
0x29a4e8 (30): 173.254.226.212
0x29a510 (24): /viewpre.asp
0x29a538 (24): ?id=16231156
0x29a560 (30): 173.254.226.212
0x29a5b4 (24): premrera.com
0x29a5d8 (24): premrera.com
0x29a600 (24): ?id=16087046
0x29a628 (24): ?id=16122234
0x29a650 (24): /viewpre.asp
0x29a6a0 (24): /viewpre.asp
0x29a6c8 (24): ?id=16159468
0x29a718 (24): /viewpre.asp
0x29a740 (24): /viewpre.asp
0x29a768 (24): ?id=16014343
0x29a790 (24): /viewpre.asp
0x29a7b8 (24): ?id=15885000
0x29a7e0 (24): /viewpre.asp
0x29a808 (24): /viewpre.asp
0x29a830 (24): /viewpre.asp
0x29a858 (24): ?id=15927843
0x29a880 (24): /viewpre.asp
0x29a8a8 (24): ?id=15970218
0x29a8d0 (24): /viewpre.asp
0x29a8f8 (24): /viewpre.asp
0x29a920 (24): /viewpre.asp
0x29a970 (24): /viewpre.asp
0x29a998 (24): ?id=16049281
0x29a9c0 (24): /viewpre.asp
0x29a9e8 (24): /viewpre.asp
0x29baf0 (96): POST /viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=15654531 HTTP/1.1O
0x29bb7b (65): User-AgentMozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
0x29bbe8 (24): Hostvpn.premrera.com:443
0x29bc2c (21): Content-Length28POST'
0x29bcc7 (21): Cache-Controlno-cache
0x29f1c0 (16): qqqqqqqqqqqqqqqq
0x29f5e0 (16): qqqqqqqqqqqqqqqq
0x29f65c (40): *4<<DDLLTT\\ddlltt||
0x29f752 (50): )$$,,44<<DDLLTT\\ddlltt||
0x2a0e28 (40): vpn.premrera.com:443
0x2a0e60 (40): vpn.premrera.com:443
0x2a0e98 (40): vpn.premrera.com:443
0x2a0ed0 (40): vpn.premrera.com:443
0x2a0f08 (40): vpn.premrera.com:443
0x2a0f40 (40): vpn.premrera.com:443
0x2a0f78 (40): vpn.premrera.com:443
0x2a0fb0 (40): vpn.premrera.com:443
0x2a1020 (40): vpn.premrera.com:443
0x2a1058 (40): vpn.premrera.com:443
0x2a1090 (40): vpn.premrera.com:443
0x2a1100 (40): vpn.premrera.com:443
0x2a1138 (40): vpn.premrera.com:443
0x2a1170 (40): vpn.premrera.com:443
0x2a11a8 (40): vpn.premrera.com:443
0x2a11e0 (40): vpn.premrera.com:443
0x2a1218 (40): vpn.premrera.com:443
0x2a1250 (40): vpn.premrera.com:443
0x2a1288 (40): vpn.premrera.com:443
0x2a12c0 (40): vpn.premrera.com:443
0x2a12f8 (40): vpn.premrera.com:443
0x2a1330 (40): vpn.premrera.com:443
0x2a1368 (40): vpn.premrera.com:443
0x2a13a0 (40): vpn.premrera.com:443
0x2a13d8 (40): vpn.premrera.com:443
0x2a1410 (40): vpn.premrera.com:443
0x2a1448 (40): vpn.premrera.com:443
0x2a1480 (40): vpn.premrera.com:443
0x2a14bc (30): 173.254.226.212
0x2a14f0 (40): vpn.premrera.com:443
0x2a1528 (40): vpn.premrera.com:443
0x2a1560 (40): vpn.premrera.com:443
0x2a1598 (40): vpn.premrera.com:443
0x2a16a8 (182): .226.212:443/viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=0&id=16316703
0x2a176c (30): 173.254.226.212
0x2a1798 (158): /viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=0&id=16316703
0x2a2750 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16158453
0x2a2830 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15848546
0x2a2c90 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15925406
0x2a2e50 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15925406
0x2a3390 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15882765
0x2a37f0 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15848546
0x2a3c50 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15882765
0x2a4190 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15968265
0x2a4510 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=15968265
0x2a7668 (93): POST /viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=0&id=16316703 HTTP/1.1
0x2a76f1 (68): User-AgentMozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+SV1)2w*
0x2a775e (26): Host173.254.226.212:443uw*
0x2a77a1 (110): Content-Length176POST /viewpre.asp?cstring=qrfxgbctfueibpt3146-
768314168-1967572049&tom=0&id=16316703 HTTP/1.1
0x2a783b (21): Cache-Controlno-cache
0x2a8704 (32): vpn.premrera.com
0x2a8726 (32): vpn.premrera.com
0x2a8748 (33): ort</title></head>
<body>
<cenB
0x2a8770 (203): GET /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg?id=16159468
HTTP/1.1
User-Agent: Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
Host: vpn.premrera.com:443
Cache-Control: no-cache

(
0x2a8848 (202): GET /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg?id=16087046
HTTP/1.1
User-Agent: Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
Host: vpn.premrera.com:443
Cache-Control: no-cache

0x2a8ad0 (202): GET /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg?id=16194187


HTTP/1.1
User-Agent: Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
Host: vpn.premrera.com:443
Cache-Control: no-cache

0x2a8ba8 (121): nter>


<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>openresty</center>
</body>
</html>

0x2a8f08 (202): GET /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg?id=16122234


HTTP/1.1
User-Agent: Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
Host: vpn.premrera.com:443
Cache-Control: no-cache

0x2a9191 (11): l
t/photo/q
0x2a9268 (202): GET /photo/qrfxgbctfueibpt3146-768314168-1967572049.jpg?id=16231156
HTTP/1.1
User-Agent: Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+SV1)
Host: vpn.premrera.com:443
Cache-Control: no-cache

0x2a96b0 (216): http://vpn.premrera.com:443/viewpre.asp?


cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=15928734
0x2a9798 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=15886468
0x2a9880 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16015250
0x2a9968 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=15971093
0x2a9a50 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16160359
0x2a9b38 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=15971093
0x2a9c20 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16050187
0x2a9d08 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16087906
0x2a9df0 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16015250
0x2a9ed8 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16087906
0x2a9fc0 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16126562
0x2aa0a8 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=15886468
0x2aa190 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16050187
0x2aa278 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=15928734
0x2aa360 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16196140
0x2aa448 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16126562
0x2aa530 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16160359
0x2abaa0 (16): qqqqqqqqqqqqqqqq
0x2abb20 (126): ring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16006015
0x2abfa0 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16122234
0x2ac1e0 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16159468
0x2ac420 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16014343
0x2ac720 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16159468
0x2ac7e0 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16231156
0x2ac960 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16194187
0x2acb62 (54): gbctfueibpt3146-768314168-1
0x2acba0 (46): 72049&tom=0&id=15968265
0x2acd20 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16194187
0x2acde0 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16159468
0x2ad1a0 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16194187
0x2ad260 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16231156
0x2ad320 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16049281
0x2ad3e0 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16231156
0x2ad4a0 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16231156
0x2ad560 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16087046
0x2ad620 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16122234
0x2ad6e0 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16087046
0x2ad7a0 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16122234
0x2ad860 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16049281
0x2ad920 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16014343
0x2ad9e0 (180): http://vpn.premrera.com:443/photo/qrfxgbctfueibpt3146-768314168-
1967572049.jpg?id=16014343
0x2adb28 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16196140
0x2adc10 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16196140
0x2adec8 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16232031
0x2ae438 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16232031
0x2ae520 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16232031
0x2ae8c0 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16196140
0x2ae9a8 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16196140
0x2aeb78 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16232031
0x2af000 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16232031
0x2af0e8 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16232031
0x2af2b8 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16232031
0x2af910 (216): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=255&id=16196140
0x2afc10 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16230250
0x2b03f0 (210): http://173.254.226.212:443/viewpre.asp?cstring=qrfxgbctfueibpt3146-
768314168-1967572049&tom=0&id=16316703
0x2b04d0 (210): http://173.254.226.212:443/viewpre.asp?cstring=qrfxgbctfueibpt3146-
768314168-1967572049&tom=0&id=16316703
0x2b0850 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16192265
0x2b0af0 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16264968
0x2b0bd0 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16230250
0x2b0d90 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16192265
0x2b0e70 (212): http://vpn.premrera.com:443/viewpre.asp?
cstring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16264968
0x2b13b0 (210): http://173.254.226.212:443/viewpre.asp?cstring=qrfxgbctfueibpt3146-
768314168-1967572049&tom=0&id=16316703
0x2b1820 (95): POST /viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=16126562 HTTP/1.1
0x2b18ab (61): User-AgentMozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+
0x2b1918 (25): Hostvpn.premrera.com:4430
0x2b195c (108): Content-Length28POST /viewpre.asp?cstring=qrfxgbctfueibpt3146-
768314168-1967572049&tom=255&id=16126562 HTTP/
0x2b19f7 (21): Cache-Controlno-cache
0x2b1b9c (32): vpn.premrera.com
0x2b1c10 (25): Hostvpn.premrera.com:443(
0x2b1c54 (111): Content-Length28POST /viewpre.asp?cstring=qrfxgbctfueibpt3146-
768314168-1967572049&tom=255&id=16160359 HTTP/1.1
0x2b1cef (21): Cache-Controlno-cache
0x2b69f8 (46): \??\C:\Windows\SysWOW64
0x2b6a30 (40): vpn.premrera.com:443
0x2b6b10 (46): http://173.254.226.212/
0x2b6b48 (46): \??\C:\Windows\SysWOW64
0x2b6b80 (40): vpn.premrera.com:443
0x2b6d08 (40): vpn.premrera.com:443
0x2b6f00 (40): vpn.premrera.com:443
0x2b6f70 (40): vpn.premrera.com:443
0x2b70be (128): +ring=qrfxgbctfueibpt3146-768314168-1967572049&tom=0&id=16316703
0x2b7140 (22): id=16264968
0x2b7160 (192): remrera.com:443/viewpre.asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=255&id=16232031
0x3bf216 (22): \REGISTR$S0
0x3bf230 (32): \REGISTRY\USER\S
0x3bf260 (40): \REGISTRY\USER\S22-5
0x3bf290 (48): \??\C:\Windows\SysWOW64\
0x3bf2c2 (22): amedObjHHts
0x3bf2e0 (24): \??\C:\WDDdo
0x3bf300 (80): \??\C:\Windows\SysWOW64\wshqos.dllhqos.d
0xa2e810 (32): \REGISTRY\USER\S
0xa2e8a8 (34): oft\Windows\CurrP
0xa2f250 (276): \REGISTRY\USER\S-1-5-21-245077564-3469246947-3992900880-1001\
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\(*
0xa304a8 (71): .asp?cstring=qrfxgbctfueibpt3146-768314168-
1967572049&tom=0&id=16316703
0xa30d08 (54): CommonProgramFiles=C:\Program Files (x86)\Common Files
0xa30d3f (41): CommonProgramFiles(x86)=C:\Program Files
0xa30efe (35): w.0\;C:\Program Files\Graphviz\bin
0xa30f22 (61): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
0xa30f60 (16): PROCESSOR_ARCHIT
0xa30fa9 (19): $!t@$!tP$!t`$!tp$!t
0xa30fe1 (23): %!t %!t0%!t@%!t`%!tp%!t
0xa31019 (12): %!t0&!tmData
0xa31026 (35): ProgramFiles=C:\Program Files (x86)
0xa3104a (40): ProgramFiles(x86)=C:\Program Files (x86)
0xa31091 (11): PROMPT=$P$G
0xa3109d (64): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
0xa310de (22): PUBLIC=C:\Users\Public
0xa310f5 (11): SystemDrive
0xa31127 (24): tquan\AppData\Local\Temp
0xa31140 (36): TMP=C:\Users\quan\AppData\Local\Temp
0xa31165 (26): USERDOMAIN=DESKTOP-SH8VOCG
0xa31286 (26):
0xa31304 (24):
0xa31366 (26): abcdefghijklmnopqrstuvwxyz
0xa31386 (26): ABCDEFGHIJKLMNOPQRSTUVWXYZ
0xa314d4 (30): ALLUSERSPROFILE=C:\ProgramData
0xa314f3 (37): APPDATA=C:\Users\quan\AppData\Roaming
0xa31519 (34): BuildLab=10240.th1_st1.170427-1347
0xa3153c (51): BuildLabEx=10240.17394.amd64fre.th1_st1.170427-1347
0xa31570 (54): CommonProgramFiles=C:\Program Files (x86)\Common Files
0xa315a7 (59): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
0xa315e3 (48): CommonProgramW6432=C:\Program Files\Common Files
0xa31614 (28): COMPUTERNAME=DESKTOP-SH8VOCG
0xa31631 (35): ComSpec=C:\Windows\system32\cmd.exe
0xa31655 (12): HOMEDRIVE=C:
0xa31662 (20): HOMEPATH=\Users\quan
0xa31677 (40): LOCALAPPDATA=C:\Users\quan\AppData\Local
0xa316a0 (29): LOGONSERVER=\\DESKTOP-SH8VOCG
0xa316be (22): NUMBER_OF_PROCESSORS=2
0xa316d5 (31): OneDrive=C:\Users\quan\OneDrive
0xa316f5 (13): OS=Windows_NT
0xa31703 (134): Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\
Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Graphviz\bin
0xa3178a (61): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
0xa317c8 (26): PROCESSOR_ARCHITECTURE=x86
0xa317e3 (28): PROCESSOR_ARCHITEW6432=AMD64
0xa31800 (72): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 140 Stepping 1,
GenuineIntel
0xa31849 (17): PROCESSOR_LEVEL=6
0xa3185b (23): PROCESSOR_REVISION=8c01
0xa31873 (26): ProgramData=C:\ProgramData
0xa3188e (35): ProgramFiles=C:\Program Files (x86)
0xa318b2 (40): ProgramFiles(x86)=C:\Program Files (x86)
0xa318db (29): ProgramW6432=C:\Program Files
0xa318f9 (11): PROMPT=$P$G
0xa31905 (64): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
0xa31946 (22): PUBLIC=C:\Users\Public
0xa3195d (14): SystemDrive=C:
0xa3196c (21): SystemRoot=C:\Windows
0xa31982 (37): TEMP=C:\Users\quan\AppData\Local\Temp
0xa319a8 (36): TMP=C:\Users\quan\AppData\Local\Temp
0xa319cd (26): USERDOMAIN=DESKTOP-SH8VOCG
0xa319e8 (41): USERDOMAIN_ROAMINGPROFILE=DESKTOP-SH8VOCG
0xa31a12 (13): USERNAME=quan
0xa31a20 (25): USERPROFILE=C:\Users\quan
0xa31a3a (17): windir=C:\Windows
0xa31a4c (24): __COMPAT_LAYER=Installer
0xa32630 (35): \quan\AppData\Local\Temp\MicroMedia
0xa33725 (27): 1~q 1~q01~q@1~qP1~q`1~qp1~q
0xa33765 (27): 2~q 2~q@2~q02~qP2~q`2~qp2~q
0xa338b0 (15): "#5-2)6K5.^0)%!
0xa343c8 (15): "#5-2)6K5.^0)%!
0x227bdc9 (12): Sut`Sut@out0
0x227c148 (40): ::ffff:208.91.197.27
0x227c34e (44): )DESKTOP-SH8VOCG.local
0x227d8c8 (20): ':\Windows
0x227dd60 (32): 1564-3469246947-
0x227e110 (60): C:\Windows\System32\wshqos.dll
0x227e25c (40): C:\Windows\System32\
0x227e310 (60): C:\Windows\System32\wshqos.dll
0x227e874 (60): C:\Windows\System32\wshqos.dll
0x227ea5a (24): 08.91.197.27
0x227ef2c (86): TIntel(R) 82574L Gigabit Network Connection
0x2280020 (252): <html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>openresty</center>
</body>
</html>

0x2e8c148 (40): ::ffff:208.91.197.27


0x2e8c350 (42): DESKTOP-SH8VOCG.local
0x2e8e728 (108): Software\Microsoft\Windows\CurrentVersion\Internet Set
0x2e8e798 (24): ngs\ZoneMap\
0x2e8e94c (76): Software\Microsoft\Windows\CurrentVers
0x2e8ea58 (30): 173.254.226.212
0x2e8ef2c (86): TIntel(R) 82574L Gigabit Network Connection
0x7ffe0030 (20): d:\Windows

You might also like